Prevent the re-use of recent passwords when resetting or changing user passwords
Proposal
When a user resets or changes their password, the system should prevent them from re-using any of their three most recent previous passwords. Currently, the system enforces no rules on re-using recently used passwords when a new password is set. This could weaken password security if a user keeps cycling through the same passwords. The password reset and change functionality should be updated to check the new password against the previous three and reject it if it matches any of them. This will help encourage users to choose stronger, unique passwords over time.
Related customer ticket: Internal Only
Description was generated using AI
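One way to implement the check proposed above, shown as an added example and not code from this project. The `Account` class, its method names, the PBKDF2 parameters, and the choice to count the current password as one of the three remembered entries are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import deque

HISTORY_DEPTH = 3        # from the proposal: three most recent passwords
PBKDF2_ROUNDS = 200_000  # assumed work factor for this sketch


class PasswordReuseError(ValueError):
    """Raised when the new password matches a remembered one."""


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class Account:
    """Hypothetical account record; the newest history entry is the current password."""

    def __init__(self) -> None:
        # Only (salt, digest) pairs are kept, never plaintext. maxlen evicts
        # the oldest entry once a fourth password is set.
        self.history = deque(maxlen=HISTORY_DEPTH)

    def is_reused(self, candidate: str) -> bool:
        # Each stored digest has its own salt, so the candidate must be
        # re-derived per entry; a freshly salted hash never equals an old one.
        reused = False
        for salt, digest in self.history:
            # No early exit: the work done does not reveal which entry matched.
            reused |= hmac.compare_digest(_derive(candidate, salt), digest)
        return reused

    def set_password(self, new_password: str) -> None:
        """Single entry point for both change and reset, so neither skips the check."""
        if self.is_reused(new_password):
            raise PasswordReuseError("password matches one of the last three")
        salt = os.urandom(16)
        self.history.append((salt, _derive(new_password, salt)))
```

Routing both the reset and the change flow through one function keeps the history check from being enforced on one path and missed on the other.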